CVE-2022-3073

Name of the Vulnerable Software and Affected Versions Quanos SCHEMA ST4 versions Bootstrap 2019 v2 through 2022 SP1 v1

Description The issue allows a remote attacker to perform JavaScript injection, potentially hijacking existing sessions to access other web services in the same environment or execute scripts within the user's browser environment. The affected script is *-schema.js.

Recommendations For versions Bootstrap 2019 v2 through 2022 SP1 v1, consider disabling the *-schema.js script as a temporary workaround until a patch is available. Restrict access to the affected web templates to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.